Question re: EsetIpBlacklist


j-gray
In ESMC, ESET Server Security logs a detection type 'Security vulnerability exploitation attempt' caused by EsetIpBlacklist. The detection type is labelled as 'Firewall'.

As the Server Security policies don't have a specific 'Firewall' section or component, can anyone clarify what component exactly is responsible for this protection?

My assumption is that it's the IDS component of Network Protection, but I'm not entirely sure.

TIA

  • Administrators

Yes, it's Network protection that blocks addresses seen to generate malicious communication. Do you suspect a particular IP address to be blocked incorrectly?

4 minutes ago, Marcos said:

Yes, it's Network protection that blocks addresses seen to generate malicious communication. Do you suspect a particular IP address to be blocked incorrectly?

Thanks for the reply.

There's no visibility or information (other than blacklist) to help us determine why the IP is being blocked. All we know is that they are IPs that are external to our network.

Is there any more detailed information logged somewhere?

  • Administrators
10 minutes ago, j-gray said:

Is there any more detailed information logged somewhere?

No. However, if you provide the IP address I could search for possible reasons.

9 minutes ago, Marcos said:

No. However, if you provide the IP address I could search for possible reasons.

Thanks - I just sent the IPs via PM. Hope that's ok.

@Marcos The bulk of the hits are coming frequently and from one cloud hosting provider: 192.241.128.0/17

We have IDS and IPS in place at our edge, but they're not detecting this traffic.

Is the ESET component simply a block list, or is there some other logic/analysis in place? 
